October 16, 2002
Spam, hype and SpamAssassin

After a short break (only my perception?), spam has been coming back in the news recently... The Truth Laid Bear requests "Spam Be Gone", BBC ran a marketing-hyped piece on how Spam poses a thread to privacy, and Wired reported a new form of spam using Windows Messenger. (The latter one is a nasty one, I have to say, although I've not seen any myself (yet)).

Spam is a problem. A big one. No news there.

The only 100% guaranteed way of avoiding spam is not to have an email account, to disconnect your PC from the 'net, turn off your mobile phone etc. Briefly summarized: Forget it.

Second best is to not publish your email address anywhere, alternatively having multiple email addresses or a setup allowing you to customize your address any time you register the address on a website. The non-distribution tactic has worked for my professional mail address. 2.5 years in this job and not a single spam. Only way you've been getting my mail address is printed on my business card or if I've emailed you from here (not likely unless you're a business partner, family or we're close friends).

But what with the rest, you ask? How can I communicate with "the world" without the massive problem of spam?

For both "backwards compatibility" and to have a secure, personal mailaddress, I've kept my old university account(s) alive. (Thanks, Lars). On these account(s) I run SpamAssassin on all incoming mail before it sees my inbox. Like this, I can sort inbound mail in different, pre-filtered boxes: spam (I check this maybe weekly to look for false positives, but if you email me something that qualifies for the spam-box, don't expect a reply. ever. because probably it will go unread), mailinglists (read when I can be bothered ;-) and inbox (usually only personal mail arrives here, and I do reply...)

SpamAssassin works with a sophisticated scoring system - giving points for known spam-phrases, erroneous headers (many spammers have bad dates, fake "Received:"-headers in messages and more.) They also integrate with a spam-prevention system called Razor:

"a collaborative spam-tracking database, which works by taking a signature of spam messages. Since spam typically operates by sending an identical message to hundreds of people, Razor short-circuits this by allowing the first person to receive a spam to add it to the database--at which point everyone else will automatically block it. "
Of course, SpamAssassin is running a continuous fight with professional UCE-mailers (Unsolicited Commercial Emails) who can adapt their messages to skim just below the scoring threshold of SA, but in general, it does the trick, and most Nigerian breast-enlarging all herbal inkjet cartridge refill life extending pill scam-ads (seen on TV !!) I get hits the thrashcan by default . . .

Spam Assassin catches approx 99 percent of all my spam in its current version. Of course, I assume I'll need to continue upgrading every n months to stay ahead of spammers, but it does an extremely good job overall. From the sheer number of messages getting caught compared to the ones getting through, it seems more like luck and less like intelligence from the spammers' side for the messages that reach my inbox.

Marketing hype for SpamAssassin? Rather real experiences. Compared to BBC's commercial piece on Mirapoint which mentions that the software uses some 25 checks to score spam, SpamAssassin uses hundreds of tests and has a quietly smiling crowd of followers with clean inboxes...

Sponsored links
Related Entries
Comments

Nice article. I have approx. 7 or 8 different email adresses as of this moment but I've probably had 20+ in the past. Whenever I sign up somewhere I use a free webmail account just in case...

I also found this article some days ago: http://www.techtv.com/screensavers/answerstips/story/0,24330,3374542,00.html
Not a big issue I hope but maybe enough to be irritating...

Posted by: Odegard on October 16, 2002 10:22 PM

Do you have any data about blog spamming? I wanted to know the guidelines on blog posting.

Posted by: Paolo Roat on August 14, 2003 03:00 PM

What's about a spam assasin for weblogs. Such a system has to take the date of article posting and the history of comments into account ;-)

Posted by: Gerald on August 17, 2003 08:55 PM

I think that SpamAssassin is still the best anti-spam tool. I wish my employer's network switched from Barracuda to SpamAssassin. And it made its way to Windows, too: McAfee Spamkiller is using some components, SAproxy Pro used to implement a full set of features. Because SAproxy is an open source project, anybody on Win32 with an entry level of Perl skills can build its own free SpamAssassin filter (I did). :-)

Posted by: SAproxy fan on March 8, 2005 04:47 AM
Post a comment
Name:


Email:
(Will not be displayed if you enter a website below. Otherwise, it will be displayed "spam protected")


Website:
(if you have one)


What do you want to say?
(please don't bother posting "spam" (pornography, viagra-sales etc - I will delete such comments anyway))


Remember info?



Referrers to this page
TrackBack URL for this entry:
http://www.jacobsen.no/cgi-sys/cgiwrap/anders/MT/mt-tb.cgi/332
andersja's blog: The dark side of spam filtering (March 26, 2003 12:45 PM)
"Call me lazy, but seeing the way things are developing online, telephone and instant messaging is the way to reach me; there's just too much spam-email..."
Legends of the Sun Pig: SpamAssassin with SAProxy (May 3, 2003 09:17 AM)
"

I'm happy to say that spam isn't usually too much of a problem for me. I get about half a dozen messages per day on my main sunpig address. That's a manageable volume. Most spam is ve...

"
Hillside Meditations: Let there be.... NO Spam (March 13, 2005 10:44 PM)
"Tracking back to www.electricvenom.com For me SpamAssassin works really great on my Linux machine. I used to receive about 100 emails a day, 95 being spam mails (my email address has been around for a while). With SpamAssassin installed in summer 20..."

6971 visits (1 today, 5 this week)

© Anders Jacobsen
[weblog / photography]